Palamida Professional Services

Fast, Accurate Answers to "What's in Your Code?" for M&A and Baselines

... get the answers you need, when you need them – with accurate, unbiased, and independent reports which identify open source and commercial components and their license and vulnerability status.

I’ve been very satisfied with the services, in particular the consultant team's ability (and natural inclination) to crack open packages that some might not, often finding subcomponents that are licensed differently.
- VP, IP Legal

Mergers and Acquisitions

We're pursuing a software M&A transaction, and we need to identify intellectual property issues as soon as possible.

The emphasis during an M&A project is on results which can impact go/no-go decisions, valuation or remediation costs. Palamida’s value during M&A engagements is in two areas – first, we deliver a high quality report much more quickly than any other approach; and second, we act as an arms-length independent third party. Due to this independence, target companies are more willing to share code for analysis than if they were requested to release it to the acquiring company prior to a definitive agreement.

CONFIDENTIAL & TIMELY ANALYSIS

We understand that time is critical and often will start engagements the same day that a client makes the first contact with us. Our process ensures the highest possible confidentiality and all project information is treated on a need-to-know basis. During an M&A project our auditors can make interim reports if requested to enable deal teams to use the information during the negotiation. The scope and depth of our analysis is tailored to the time available, with initial results focusing on IP issues that represent the most challenging remediation. With additional time, we expand the reports to the forensic level so that acquiring firms can be confident that they understand the full impact of adding the target company code to their internal repositories.

FREQUENTLY ASKED QUESTIONS

How long does an audit engagement take?

The time required for an analysis is a function of the size of the codebase, the amount of open source and other third party code contained, and the level of analysis specified for the engagements. While it is difficult to generalize, many engagements are completed within 5-10 days. Access to materials is also an important factor. Timely access to a complete set of code materials allows the engagement to start and finish promptly.

What do you mean by “level of analysis”?

We have two general levels of analysis, overview and detailed. An overview analysis is designed to concentrate on high priority findings including but not limited to copyleft-style licenses and other priorities as established for the specific engagement. A detailed report is designed to review all evidence found with the objective of a much more complete record of all included third party materials. All audit engagements include a full scan of the materials and a report which details each component’s name, description, URL, license, disclosure status, and file list. Palamida PS specialists can make a recommendation based on the specifics of the situation.

What is the deliverable at the end of an audit engagement?

The deliverable is in the form of a report detailing each component's name, description, URL, license, disclosure status, and file list. If specified, the report can contain vulnerability status. In addition, we conduct a report call in which our specialists step through the report for to provide clarification and answer questions. While we are not a law firm, our PS professionals can describe best practices and other examples from our experience. While such advice is always helpful, it is not a substitute for legal advice.

How much does it cost?

Since we will often assign multiple analysts to a project, pricing is a function of the number of analyst-days required to complete the project. On-site and weekend work is possible, and will result in additional charges. Per day pricing is on-par with other professional services and consulting rates. We have tools to assist with sizing the work, and a discussion with a Palamida PS professional will help resolve pricing and delivery questions promptly.

Internal Baselines

We have a big product release coming up, and we’re pretty sure that our current Open Source list is not complete

We anticipate interest from potential acquirers, and we want to be ready.

We have launched an Open Source initiative and need help to get through the initial baseline scans for our products.

Our engineering VP is concerned about vulnerability issues in the Open Source components we use, and wants an analysis.

There are a number of non-M&A situations in which Palamida Professional Services can add value when the availability of additional resources and expertise is required to meet schedules or to jumpstart major initiatives. For example:

As the starting point for an OSS compliance program involving the use of Palamida software systems

When you are receiving a code drop from an outsourced supplier

At a key development milestone

When a sales contract calls for disclosure of code content

When you anticipate making a software project open source

If you anticipate interest from potential acquirers

IP Litigation

In all of these cases Palamida Professional Services can supply the resources and expertise to enable predictable and accurate completion of the analysis. As with M&A projects, the scope of analysis can be tailored to the situation—from overview to detailed analysis and all projects are treated with the same level of confidentiality. Palamida’s experience with baseline audits range from small to complete baselines for extensive product lines. In many cases, baseline audits are performed in conjunction with the startup of an OSS compliance initiative which includes use of Palamida software products. In these cases, the results of the baseline audit remain live in the Palamida system for reporting and future rescans. The process for a baseline audit is similar to an M&A engagement from the standpoint of determining the scope and level of analysis. Typically, however the Palamida team will work more closely with the customer organization to transfer not only analysis results but also knowledge and best practices so that results can more easily form the basis of an on-going program if required. Our Professional Services team members can help you determine how and when baseline audit services make sense for your organization.